• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 838
  • Last Modified:

VB.NET sql connection statement syntax question...

I need to query a DB using a variable from a textbox.  The strSearch will hold the string to search for using the LIKE option.

How do I use a variable (strSearch) in the SQL statement with the % wildcard?  

Where (T4.PROJ_ID LIKE %'strSearch'%)  ???  That isn't right...

Is this SQL syntax or VB?

Thanks in advance...
3 Solutions
Is this what you want?

Dim strWhereClause As String = "Where (T4.PROJ_ID LIKE '%" & strSearch & "%')"

String WhereClause = "Where T4.PROJ_ID LIKE %" & txtSearch.Text.Replace("'","''") & "%'";

WhereClause = WhereWhere T4.PROJ_ID LIKE '%TEXT%'

that will find anything with txtSearch.text in it ...
use a % for wild chars anywhere in the string

remember to either use the sqltypes or to escape things like ' out of your field otherwise someone can use it to attack your database
the one way is to use parameters
if you want to build direct the sql statement
you can use
"select * from T4 where (T4.Proj_ID Like '%" & strSearch & "%')"

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now